Bitcoin’s ongoing debate surrounding the threat posed by quantum computing is becoming increasingly entangled, primarily because discussions often conflate two distinct, yet interconnected, issues: the technical feasibility of defending the protocol and the legal ramifications of potential quantum-driven exploits. This nuanced challenge requires a clear understanding of both the engineering hurdles and the fundamental principles of property law that underpin ownership in the digital realm.
The technical question centers on Bitcoin’s cryptographic signature scheme. As quantum computing capabilities advance, the concern is that sufficiently powerful quantum computers could potentially break the algorithms used to secure Bitcoin transactions, thereby compromising private keys. However, the Bitcoin protocol is not static. Developers are actively exploring and proposing solutions, including new address types, migration protocols, soft forks, and key rotation mechanisms. While these represent significant engineering challenges, they are ultimately solvable problems within the protocol’s design framework.
The legal question, however, delves into a more profound and immediate ethical dilemma: if an individual were to use a quantum computer to successfully derive the private key for an old, dormant wallet and transfer its contents, what would be the legal classification of this act? Would it be considered a legitimate recovery of abandoned assets, or would it be legally defined as theft? This distinction carries immense weight, particularly as proposals like BIP-361 emerge, aiming to address the quantum threat by freezing potentially vulnerable Bitcoin holdings.
The urgency of this debate intensified with the proposal of BIP-361 in April 2026. This proposal specifically targets over 6.5 million BTC held in quantum-vulnerable UTXOs (Unspent Transaction Outputs). Among these are an estimated million-plus coins historically associated with Satoshi Nakamoto, Bitcoin’s pseudonymous creator. This has transformed the quantum threat from an abstract theoretical discussion into a tangible conflict over ownership, potential confiscation, and the very definition of property within a system that fundamentally recognizes control as the primary determinant of asset access.
While the precise timeline for the arrival of quantum computers capable of attacking Bitcoin remains a subject of ongoing speculation among researchers, the immediate and more pressing question revolves around the legal framework that will govern actions taken once such capabilities are realized. If a quantum computer is deployed to unlock and move long-dormant coins using derived private keys, the crucial determination will be whether the law perceives this as a legitimate act of asset recovery or as outright theft.
Classical property law provides a relatively unambiguous answer to this scenario. From a traditional legal standpoint, such an action would be unequivocally classified as theft. This perspective, while straightforward in legal terms, may prove contentious for some within the Bitcoin community. Bitcoin’s native enforcement mechanism relies on cryptographic control rather than traditional title deeds. The network validates a spend if the correct digital signature is provided, irrespective of the historical ownership claims. This emphasis on control, however, only sharpens the critical need for clarity on how the law would interpret the underlying act of acquiring that control through quantum means.
The Tangible Quantum Risk: Identifying Vulnerabilities
To fully grasp the implications, it is essential to delineate the specific vulnerabilities within Bitcoin’s architecture. Not all Bitcoin holdings are equally exposed to quantum threats. In typical usage, an address does not reveal its associated public key until a transaction is initiated by the owner. This inherent privacy mechanism means that a quantum attacker cannot simply scan the blockchain and derive private keys from any arbitrary, untouched address.
The genuine risk lies within a more limited subset of Bitcoin outputs. Older transaction formats, specifically "pay-to-public-key" outputs, expose the full public key on the blockchain. Certain legacy script constructions also share this characteristic. More recent innovations like Taproot outputs, while offering enhanced privacy in many aspects, commit directly to a 32-byte output key, not a hash of that key, which presents a different set of considerations. Furthermore, the practice of address reuse—where an individual uses the same address for multiple transactions—can expose the public key once a spend occurs, leaving behind funds under that same key material. These are the specific categories of Bitcoin that are most often referred to when discussing "exposed" or "quantum-vulnerable" assets.
The perceived timeline for this scenario to become a critical issue has been significantly compressed by recent advancements. In March 2026, research published by Google Quantum AI indicated a dramatic reduction in the estimated number of physical qubits required to break Bitcoin’s secp256k1 elliptic curve. The study suggested that fewer than 500,000 physical qubits might suffice, a twenty-fold decrease from prior estimates that hovered around nine million. Crucially, the same paper modeled a direct "mempool attack vector." During a transaction broadcast, the public key is exposed for a window of approximately ten minutes before block confirmation. This provides a potential opportunity for a quantum adversary to derive the private key before the transaction is finalized on the blockchain.
Current quantum hardware, while advancing rapidly, remains distant from these theoretical thresholds. Google’s Willow chip, for instance, operates at 105 qubits, and IBM’s Nighthawk at 120 qubits. However, the pace of algorithmic optimization is increasingly outpacing hardware scaling. This trend is reflected in NIST’s (National Institute of Standards and Technology) post-quantum cryptography standardization process. Their roadmap calls for the deprecation of quantum-vulnerable algorithms across federal systems by 2030 and their outright prohibition by 2035. While this timeline is specific to government systems, it establishes a benchmark that institutional investors and regulatory bodies will likely use to assess Bitcoin’s preparedness for the quantum era.
A substantial portion of these vulnerable Bitcoin holdings are old. Many are undoubtedly lost, belonging to deceased owners, or secured in outdated formats like paper wallets, forgotten backups, or ancient storage methods. Others may be part of complex estates that have yet to be settled. A significant quantity also likely belongs to individuals who are alive and well but simply have no current interest in accessing or transacting with these funds.
This latter point is of greater significance than often acknowledged by those focused on the "lost coin" narrative. From an external perspective, the dormancy of a wallet offers little insight into the owner’s status or intentions. A wallet might remain untouched for over a decade for various reasons: the owner may have passed away, lost their private keys, adopted a disciplined approach to long-term holding, harbored extreme paranoia about security, or perhaps the funds are locked within a multi-party escrow system. It is also conceivable that an owner, like Satoshi Nakamoto, may choose to remain anonymous rather than engage in legal disputes. The blockchain itself does not provide the context to differentiate between these possibilities.
It is precisely this inherent uncertainty that underscores why property law has historically refrained from treating mere silence or inactivity as a definitive indicator of relinquished ownership.
Dormancy is Not Abandonment: The Legal Definition of Ownership
The casual inclination towards a "finders keepers" mentality often present in these discussions bears little resemblance to the established principles of property law. Ownership does not simply evaporate due to a lack of use. Legal title persists until it is formally transferred, intentionally relinquished, extinguished by operation of law, or superseded by a legally recognized doctrine. The passage of time or a period of inaction alone does not nullify ownership, nor does the asset’s inherent value.
For proponents of the "dormant Bitcoin is fair game" argument, the primary legal avenue typically explored is abandonment. The assertion is straightforward: if Bitcoin has remained untouched for an extended period, suggesting it is likely lost or forgotten, it should be considered abandoned property.
However, the law imposes a much stricter standard. Abandonment generally requires a dual condition: a clear intent to relinquish ownership and a tangible action that unequivocally demonstrates this intent. The owner must demonstrably intend to give up their rights and must perform an act that signifies this intention. Mere inaction or failure to utilize an asset for a prolonged duration is insufficient, particularly when the asset is demonstrably valuable.
This is not merely an arcane legal technicality; it is a foundational tenet of property law designed to prevent the arbitrary appropriation of assets. If non-use alone were sufficient to extinguish title, the legal system would effectively sanction the looting of any property whose owner had been silent for an extended period. This principle applies universally to land, real estate, stocks, physical cash, and valuable heirlooms. It is equally applicable to Bitcoin.
Consider a clear edge case: if an individual intentionally sends Bitcoin to a "burn address" with no accessible private key, this action strongly suggests abandonment. It involves both a deliberate act and a clear signal of intent. However, this example serves to reinforce the opposite of the quantum raider’s argument. It illustrates what genuine relinquishment looks like when an owner actively intends it. The vast majority of dormant Bitcoin wallets do not exhibit such characteristics.
The more conventional and legally sound interpretation is that old Bitcoin holdings remain just that: old Bitcoin holdings. Some are undoubtedly lost, some inaccessible, some forgotten, and some simply inactive. None of these conditions, however, transform them into ownerless property.
Recent legislative developments have begun to formalize this legal instinct concerning digital assets. The UK’s Property (Digital Assets etc) Act 2025, which received Royal Assent in December 2025, established a distinct third category of personal property specifically for crypto-tokens. In the United States, UCC Article 12, recognizing "controllable electronic records," has now been adopted by over thirty states and the District of Columbia. Neither of these legal frameworks treats dormancy as equivalent to relinquishment. By formally classifying digital assets as property, both regimes significantly raise the legal threshold for any argument claiming that old Bitcoin holdings are ownerless by default.
The Irrelevance of Death to Ownership
A common subsequent line of reasoning shifts from abandonment to mortality. The argument is that while coins may not have been abandoned, many early holders are likely deceased. Does this fundamentally alter the legal analysis?
From the perspective of someone seeking to claim ownership, the answer is generally no. Some early Bitcoin wallets present a scenario akin to Schrödinger’s heir problem: an owner might be declared deceased when it serves the purpose of establishing ownerless property, only to be treated as potentially having heirs when the burdens of succession become relevant. Property law, however, does not entertain such superpositional states.
Upon a person’s death, legal title to their property does not vanish. Instead, it transfers to heirs, devisees, or, in the absence of named beneficiaries, to the state through a process known as escheat. The legal system does not simply declare an open season on the deceased’s assets. It endeavors to maintain continuity of ownership, even when physical possession becomes complicated, inconvenient, or temporarily impossible to exercise.
The analogy to physical property is remarkably straightforward. If an individual dies owning a large ranch, the first trespasser who breaks the lock on the gate does not automatically acquire ownership through initiative and optimism. The estate is responsible for the succession of ownership. If no heirs are identified, the sovereign government has a claim. Valuable property does not become unowned simply because its original owner is no longer alive.
Bitcoin operates under the same principle. Lost private keys do not transfer title. Inaccessibility does not constitute a legal conveyance of ownership. An individual who later derives the private key using advanced technology has not discovered ownerless treasure. Instead, they have acquired the practical capability to move property that legally belongs to someone else, or to that person’s estate.
This conclusion has particular significance for the largest block of old, vulnerable Bitcoin holdings: those associated with Satoshi Nakamoto. Whether Satoshi is alive, deceased, or has permanently withdrawn from public life is legally irrelevant to the classification of these assets. Those coins belong either to Satoshi or to Satoshi’s estate. They do not become a prize for the first actor to arrive with a quantum-enabled tool.
Unclaimed Property Law’s Limitations
A mistaken assumption sometimes arises that dormant Bitcoin could be legally claimed under unclaimed property statutes. While this confusion is understandable, it overlooks the fundamental operational mechanics of such laws.
Unclaimed property legislation typically functions through an intermediary. A bank, brokerage firm, exchange, or other custodian holds property on behalf of an owner. If the owner remains absent for a significant period, the state may mandate that the custodian report and remit the asset, while preserving the owner’s right to reclaim it later. This framework is inherently built around the existence of intermediaries.
This model proves effective for exchange balances, custodial wallets, and assets held by businesses that can be legally compelled to release them.
However, this framework does not directly apply to self-custodied Bitcoin. A self-custodied UTXO lacks a central intermediary. There is no bank, no exchange holding the funds, and no transfer agent awaiting instructions. Consequently, there is no custodian for the state to direct. The system consists solely of the network, the private key, and the individual capable of generating a valid spend.
This distinction means that while governments may have recourse to custodial cryptocurrency, self-custodied Bitcoin presents a more significant legal challenge. The law can assert ownership and, in some instances, dictate who should surrender an asset. What it cannot do, however, is magically conjure the private key itself.
This same limitation undermines a more sophisticated argument based on UCC Article 12. A quantum attacker who derives a private key may gain practical "control" over the asset. But in legal parlance, control is distinct from title. It has never been synonymous. A burglar who discovers the combination to a safe gains control of its contents, but this does not legally make them the owner; it constitutes theft.
Adverse Possession and Salvage: Inapplicable Analogies
Two legal doctrines are frequently invoked to lend a veneer of legitimacy to the concept of quantum theft: adverse possession and salvage. However, neither doctrine withstands scrutiny when applied to the specifics of Bitcoin transactions.
Adverse possession originated as a legal mechanism for resolving land disputes and carries conditions pertinent to real estate. Crucially, possession must be open and notorious, providing the true owner a reasonable opportunity to detect the adverse claim and challenge it. A quantum attacker who moves stolen coins to a new address does not fulfill this requirement. While the transfer is visible on the blockchain, this is not "meaningful notice" in the legal sense. A pseudonymous on-chain transaction does not inform the original owner of the identity of the claimant, the basis of their claim, or the forum in which the claim can be contested. Furthermore, the policy rationale behind adverse possession—resolving stale land disputes and rewarding visible use of neglected property—does not align with Bitcoin’s inherent transparency and its already recorded chain of possession.
Salvage, an even less applicable analogy, rewards parties for rescuing property from peril. A quantum attacker does not rescue property from peril; they exploit it. In many cases, they are the direct cause of the peril’s significance. Characterizing such an act as "salvage" is akin to calling a pirate a lifeguard simply because they arrived in a boat—a euphemism masquerading as a legal theory.
The Core Conflict of BIP-361
This is precisely why BIP-361 is a pivotal development. It represents the first substantial attempt to address the quantum threat at the protocol consensus layer, rather than waiting for potentially protracted legal battles over the aftermath.
In essence, BIP-361 proposes a phased approach. Initially, it would prevent new Bitcoin from being sent to quantum-vulnerable address types, while still permitting users to migrate existing funds to more secure destinations. Subsequently, legacy signatures within vulnerable UTXOs would cease to be valid for spending those coins, effectively freezing any remaining unmigrated funds. A more aspirational component involves a proposed recovery mechanism utilizing zero-knowledge proofs linked to BIP-39 seed possession, though this aspect remains incomplete.
A critical limitation of the current proposal is that the recovery path is primarily designed for wallets generated from BIP-39 mnemonics. Earlier wallet formats, including the pay-to-public-key outputs associated with Satoshi Nakamoto, lack a realistic migration route under the present design. This is not a minor oversight. It means that Phase C of BIP-361, as currently conceived, would preserve the property rights of more recent Bitcoin adopters while potentially permanently extinguishing those of the earliest participants. This constitutes a de facto statute of limitations imposed by protocol change rather than legislative action.
The appeal of BIP-361 lies in its proactive stance. By acknowledging that certain categories of Bitcoin are at risk of becoming targets for the first quantum actors, the network can refuse to validate such exploitative transfers. This approach essentially defends ownership by preemptively blocking technologically enabled theft, treating the quantum actor as a thief and denying them their intended prize.
However, this is only one facet of the issue. The other dimension, often overlooked by protocol designers prioritizing immediate security, presents a more complex legal challenge. Phase B of BIP-361, while aimed at preventing theft, also disables actual owners who are unable or unwilling to migrate their funds in time. This has significant implications because property law considers not only the benevolent intent of a rule but also its practical impact on the owner.
Labeling this outcome as mere "theft" is imprecise. BIP-361 does not reassign coins to developers, miners, or new claimants. It does not enrich the freezer in the typical manner of a thief. Yet, classifying it as "not theft" does not conclude the inquiry. A closer analogy is conversion, or at least a concept uncomfortably adjacent to it. If a rule dictates that an owner could spend their Bitcoin yesterday but cannot today, not due to a voluntary transfer, abandonment, or a court-ordered claim, but because the network deems those coins too risky to remain spendable, the network has done more than simply "protect property rights." It has intentionally disabled the practical exercise of some of those rights.
This is what renders the proposed freeze legally awkward. While proponents can argue it is the lesser of two evils—a necessary measure in extraordinary circumstances—it is not legally pristine. A rule that permanently prevents an owner from accessing their own coins begins to resemble forced dispossession by consensus rather than ordinary theft.
The most potent objections arise in the most challenging cases. Timelocked UTXOs present a clear example. If a user intentionally set a timelock to mature after the proposed freeze date, they did not neglect or abandon their coins. They actively structured them to be unspendable until a future point. Yet, the protocol could still freeze them permanently before that date arrives. Similar issues arise with older wallet constructions where the recovery path relies on BIP-39 seed possession, potentially leaving some earlier formats with no viable route back. Estates also highlight this tension: an owner may be deceased, but title has passed. Freezing the coins does not eliminate the underlying property claim; it merely removes the network’s willingness to honor it.
Therefore, a more accurate description of Phase B is not simply an "anti-theft rule." It is a confiscatory defense mechanism. It may be justifiable, perhaps even necessary, but its effect is confiscatory for certain owners. The proposal does not merely choose between the owner and the thief; in some instances, it selects one class of owners over another, treating the losses of the disfavored class as the cost of securing the system.
While this may not constitute unlawful action in a straightforward courtroom sense—as Bitcoin consensus changes are not state action, rendering direct takings analogies imperfect unless government involvement is explicit—from a private-law perspective, the conversion analogy carries significant weight. Legal title may remain rhetorically intact, while practical control is intentionally destroyed.
This is the fundamental symmetry at the heart of the quantum debate. Allowing a quantum attacker to seize dormant coins is legally akin to theft. Freezing vulnerable coins via a soft fork, while potentially a lesser evil, is not without cost, either materially or ethically. For certain owners, it begins to resemble confiscation.
The Unambiguous Legal Answer, Bitcoin’s Evolving Response
Classical property law will not endorse the derivation of private keys via quantum computing as a legitimate form of asset recovery. Dormancy is not abandonment. Death transfers title, it does not extinguish it. Unclaimed property laws apply to custodians, not to the inherent nature of self-custody. Adverse possession is ill-suited to pseudonymous UTXOs, and salvage is a legally untenable analogy.
Consequently, if an individual uses a quantum computer to derive the private key for a dormant wallet and transfer its contents, the legal system will almost certainly categorize this action as theft.
However, BIP-361 illustrates that Bitcoin may not face a simple choice between outright theft and pristine protection of ownership. Instead, it may confront a dilemma between theft perpetrated by an attacker and dispossession enacted by the protocol itself. Freezing vulnerable coins could be a defensible response to an extraordinary threat, perhaps the only one the network finds acceptable. Nevertheless, it must be described with honesty. For some owners, particularly those with timelocked outputs, legacy wallet formats, or no feasible migration path, this freeze may appear less like protection and more like confiscation.
This complexity elevates the issue beyond a simplistic morality play. Bitcoin inherently blurs the distinction between title and possession that property law traditionally relies upon. Courts can rule that a quantum raider committed theft. They can also rule that a protocol-level freeze substantially infringed upon an owner’s rights. However, the blockchain will ultimately recognize only the rules adopted by its economic majority.
Therefore, the current contention is not merely about whether Bitcoin should defend property rights during the quantum transition. It is fundamentally about which property rights Bitcoin is willing to impair in order to safeguard the rest. This evolving challenge marks a transition into the realm of classical politics, where difficult choices and trade-offs are inevitable.
This article was a guest post by Colin Crossman. The opinions expressed are solely those of the author and do not necessarily reflect the views of BTC Inc. or Bitcoin Magazine.